From the start wireless networks have had major security problems over standard wire based networks. These problems range from denial of service at the very least, to a complete network compromise at the very worst
So let’s start simple: a wireless network device is like any other wireless device, be it your portable phone, your cell, wireless keyboard and mouse. Under part 15 of FCC guidelines these device must accept interference even if such interference causes undesired results. So when you talk on a portable 2.4 GHz phone and turn your microwave on, you might notice interference. Some wireless networks operate on the exact same frequency band as portable phones, microwaves and other devices. This means that something as benign as a microwave can turn into a device of denial of service. Don’t believe me? Check out what Slava Persion has been able to do with little more then a microwave oven.
So how do you protect against such an attack? Easy, a faraday cage, and a simple band pass filter. Faraday cages are a good idea for computer equipment regardless; these cages protect equipment from any electro magnetic radiation, including electro magnetic energy from the sun. Band pass filters protect wireless equipment from accepting interference from device transmitting or emitting energy not in the immediate band of your equipment. Faraday cages will not protect from this type of interference because the actual antenna will need to be outside the cage to connect to any node outside the cage. Here are some filter products for 802.11 networks. Keep in mind that the use of the faraday cages and band pass filters only minimize the damage some one can do with high energy radio frequency devices. Even with all of these devices installed and working properly if some one in your office/home runs their microwave oven with the door open you will loose network connectivity temporarily.
So we just protected your wireless network against hard attack or attack on the actual physical operation of your equipment, what about soft attack? Thousands of people drive around in there vans, cars, busses and so on searching for wireless networks. Again, if you don’t believe me a quick look at the WorldWide WarDriving Results and that might change your mind. These are the results from the last annual world wide war drive. These nice folks look for wireless networks and map them publicly. This means that any semi-intelligent, self-pronounced “Hacker” (in reality a cracker) can use a readily available dish such as the one from RadioLabs and use your network from the comfort of his/her own home.
So how do you protect from unauthorized users using your network? To start don’t trust any of the security that comes default with your wireless access point/ wireless router. Most new users don’t even enable the WEP “Encryption” that is built into their equipment, but those who do aren’t secure either. An engineering flaw in the actual algorithm allows compromise of the encryption in around an hour. Pre-made tools are redibly available for the script kiddies / crackers. Here is more information on Wired Equivalent Privacy (WEP) weaknesses.Wi-Fi Protected Access (WPA) isn’t much better. Various papers have been written showing that WPA is actually less secure then WEP. So how do you prevent against unauthorized access? I one word (actually three) Virtual Private Networking (VPN), although it’s a good idea to change the routers default SSID and disable broadcasting of the SSID along with enabling WEP or WPA encryption/encoding. But to truly run a secure wireless network you have to assume anything sent over the air is not secure. This is where VPN’s come to play. The VPN encrypts all traffic going over the wireless network, it can also provide a method of authentication, so the network really knows your computer is really your computer and not some hacker sitting in a van somewhere. Here is a simple explanation of VPN’s in 802.11 networks and a more advanced explanation.
More information on this entire general topic can be found at the US government department of N.I.S.T’s website.
Comments (0)
Topsight.net
http://www.topsight.net/article.php/2003120713594144